From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:39664)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hpa@zytor.com>) id 1UCjkc-0000xW-RC
	for qemu-devel@nongnu.org; Mon, 04 Mar 2013 23:45:19 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <hpa@zytor.com>) id 1UCjkb-0007NC-Ro
	for qemu-devel@nongnu.org; Mon, 04 Mar 2013 23:45:18 -0500
Received: from terminus.zytor.com ([2001:1868:205::10]:49931
	helo=mail.zytor.com) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <hpa@zytor.com>) id 1UCjkb-0007If-I8
	for qemu-devel@nongnu.org; Mon, 04 Mar 2013 23:45:17 -0500
Message-ID: <51357846.9060503@zytor.com>
Date: Mon, 04 Mar 2013 20:44:54 -0800
From: "H. Peter Anvin" <hpa@zytor.com>
MIME-Version: 1.0
References: <512FF819.7050505@redhat.com> <87k3pqzy2y.fsf@codemonkey.ws>
	<513110D3.5030503@linux.vnet.ibm.com>
	<87d2vig75m.fsf@codemonkey.ws> <51311A13.6030205@redhat.com>
	<87r4jy90wt.fsf@codemonkey.ws> <51313660.5010001@redhat.com>
	<87vc9apt7r.fsf@codemonkey.ws> <513147E4.5030005@redhat.com>
	<87txouv6hp.fsf@codemonkey.ws> <5131EF32.5010808@redhat.com>
In-Reply-To: <5131EF32.5010808@redhat.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] virtio-rng and fd passing
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>, Anthony Liguori <anthony@codemonkey.ws>, Stefan Berger <stefanb@linux.vnet.ibm.com>

On 03/02/2013 04:23 AM, Paolo Bonzini wrote:
> Il 02/03/2013 04:13, Anthony Liguori ha scritto:
>> There is no valid use-case of rng-random other than using /dev/random.
>> In fact, it was probably a mistake to even allow a filename to be
>> specified because it lets people do silly things (like /dev/urandom).
>>
>> If you want anything other than /dev/random, you should use rng-egd.
> 
> /dev/hwrng makes sense too.

Only if the host isn't using it, which it almost certainly should if
there is something there.  On the other hand, yes, it is
cryptographically sound (since it presents itself as /dev/hwrng in the
guest!) and it does make sense for a very thin host.

	-hpa


-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.